Environment:Protectai Modelscan TensorFlow Optional

Overview

Optional TensorFlow >= 2.17 dependency required for scanning SavedModel (.pb) and Keras (.keras) model formats.

Description

This environment extends the core ModelScan runtime with TensorFlow support. When TensorFlow is installed, ModelScan can scan TensorFlow SavedModel protobuf files for unsafe operators and Keras metadata files for Lambda layers containing arbitrary code. Without TensorFlow, these scanners gracefully degrade by returning a `DependencyError` instead of crashing.

The TensorFlow dependency is declared as an optional extra in `pyproject.toml` and is conditionally imported at scanner module load time using a `try/except ImportError` pattern.

Usage

Use this environment when scanning TensorFlow SavedModel (`.pb` files) or Keras (`.keras` files) model formats. If you only need to scan pickle, PyTorch, or NumPy formats, this environment is not required.

System Requirements

Dependencies

System Packages

• No additional system packages beyond those for the core runtime

Python Packages

• All core runtime dependencies (see Environment:Protectai_Modelscan_Python_Core_Runtime)
• `tensorflow` >= 2.17

Credentials

No additional credentials required.

Quick Install

# Install modelscan with TensorFlow extras
pip install 'modelscan[tensorflow]'

# Or install TensorFlow separately
pip install tensorflow>=2.17

Code Evidence

Optional dependency declaration in `pyproject.toml:24-28`:

# TODO: Add py3.12 once TF release supports
tensorflow = { version = "^2.17", optional = true }

[tool.poetry.extras]
tensorflow = ["tensorflow"]

Conditional import with graceful fallback from `scanners/saved_model/scan.py:8-15`:

try:
    import tensorflow
    from tensorflow.core.protobuf.saved_model_pb2 import SavedModel
    from tensorflow.python.keras.protobuf.saved_metadata_pb2 import SavedMetadata

    tensorflow_installed = True
except ImportError:
    tensorflow_installed = False

Dependency check returning error instead of crash from `scanners/saved_model/scan.py:40-52`:

dep_error = self.handle_binary_dependencies()
if dep_error:
    return ScanResults(
        [],
        [
            DependencyError(
                self.name(),
                f"To use {self.full_name()}, please install modelscan with tensorflow extras. "
                "`pip install 'modelscan[ tensorflow ]'` if you are using pip.",
                model,
            )
        ],
        [],
    )

TensorFlow operator enumeration from `scanners/saved_model/scan.py:70-71`:

all_operators = (
    tensorflow.raw_ops.__dict__.keys() if tensorflow_installed else []
)

Common Errors

Compatibility Notes

• Python 3.12: TensorFlow support may be limited. The `pyproject.toml` contains `# TODO: Add py3.12 once TF release supports` indicating known compatibility gaps.
• Keras .keras format: Requires TensorFlow for the `SavedModelLambdaDetectScan` base class, even though `.keras` files are zip-based JSON configs.
• Keras H5 format: Uses TensorFlow indirectly via `SavedModelLambdaDetectScan` parent class, but primarily depends on h5py (see Environment:Protectai_Modelscan_H5py_Optional).
• Test environment: Tests require `TF_USE_LEGACY_KERAS=1` environment variable and `tf-keras>=2.20.1`.

Related Pages

• Implementation:Protectai_Modelscan_ModelScan_Scan
• Implementation:Protectai_Modelscan_ScanBase